Golang is known for writing CLI tools, but you may not know that Golang can also package configuration files.
background
Recently, I am writing a CLI tool related to the management of Ali Cloud ECS. Here, of course, I need to consider the security of the use of Ali cloud resources, requiring that the AccessKeyId and AccessKeySecret of Ali cloud account cannot be sent to the users of the CLI tool.
Therefore, a configuration file containing AccessKeyId and AccessKeySecret is packaged into the CLI tool. By default, users of the CLI tool will use the packaged configuration file, or they can use the new configuration information by specifying the configuration file or passing parameters.
implementation
tool
Golang’s go-Bindata library, which converts any file into Go code, can be used to embed binaries into Go programs. It also supports compression of file data using gzip before converting to raw byte slices.
For details on the tool, go to github.com/go-bindata/…
packaging
Use the Go-binData tool to convert configuration files containing sensitive information into go source code. Here is part of the project Makefile. The tool is called myCLI.
NAME = mycli
CONFIG = configs/config.yaml
.PHONY: build
build:
cp $(CONFIG)config.yaml mkdir -p cmd/mycli/asset go-bindata -pkg asset -o cmd/mycli/asset/asset.go \ scripts/... \ config.yaml CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/linux/mycli cmd/mycli/*.go CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o bin/darwin/mycli cmd/mycli/*.go chmod +x ./bin/linux/mycli ./bin/darwin/mycli rm -f config.yaml mycli ln -s bin/linux/mycli mycliCopy the codeConvert files to Go source code as follows:
go-bindata -pkg asset -o cmd/mycli/asset/asset.go \
scripts/... \
config.yaml
Copy the codeOptions for the Go-bindata command-line tool:
-pkgSpecify the package name and the call will be written asasset.Asset("config.yaml")-oSpecifies where the generated Go source code is stored
The generated asset.go code looks like this:
// Code generated by go-bindata.
// sources:
// scripts/create.sh
// scripts/sub/delete.sh
// config.yaml
// DO NOT EDIT!
package asset
func bindataRead(data []byte, name string) ([]byte, error){... }type asset struct {
bytes []byte
info os.FileInfo
}
type bindataFileInfo struct {
name string
size int64
mode os.FileMode
modTime time.Time
}
func (fi bindataFileInfo) Name(a) string {
return fi.name
}
func (fi bindataFileInfo) Size(a) int64 {
return fi.size
}
func (fi bindataFileInfo) Mode(a) os.FileMode {
return fi.mode
}
func (fi bindataFileInfo) ModTime(a) time.Time {
return fi.modTime
}
func (fi bindataFileInfo) IsDir(a) bool {
return false
}
func (fi bindataFileInfo) Sys(a) interface{} {
return nil}...Copy the codecall
Use the Asset method to load the packaged configuration file:
const preloadConfigFile = "config.yaml"
type Config struct{... }func PreloadConfig(a) (*Config, error) {
b, err := asset.Asset(preloadConfigFile)
iferr ! =nil {
return nil, fmt.Errorf("failed to read config: %v", err)
}
var config *Config
err = yaml.Unmarshal(b, &config)
return config, err
}
Copy the codeconclusion
Go-bindata is used to convert files into GO source code, and then compiled into binary files. Finally, only the binary files need to be handed to users. In this way, users of the tool can reduce their direct contact with some sensitive information and ensure the security of resources.
In fact, in order to fully control resource access, THE CLI tool can be encapsulated into a visual operation interface similar to Jenkins Job, which is convenient for users to use and can limit the scope of use of the tool, including the parameters passed to the CLI tool.
Original link: k8scat.com/posts/build…